Page 47 of 55
airPoint™ Nexus User Configuration Guide
intelligent wireless platform
For TLS and PEAP, the server needs root.pem and cert-srv.pem. For TLS, the Windows XP client needs root.der (the CA certificate it validates the server against) and cert-clt.p12 (its own client certificate and private key). For PEAP, the Windows XP client needs only root.der.
If you want to use TLS authentication with multiple clients, Document 3 provides the needed script: look for the CA.clt script in Section 6.
3. Configure Server for TLS
Only a few changes and additions are needed for TLS authentication. The clients.conf, users and radiusd.conf files are located in:
/usr/local/radius/etc/raddb
a. clients.conf
-- This file defines the RADIUS clients (here, the Access Point) that may send requests to the server, and the shared secret each of them must use. Look for the following line, then uncomment it and modify it as appropriate:
#client 192.168.0.0/24 {
client 192.168.1.0/24 {
secret = AP_Shared_Secret
shortname = WLAN
}
The secret must match the RADIUS shared secret configured on the Access Point. Replace AP_Shared_Secret with a long random value: it is what protects the RADIUS exchange between the Access Point and the server. A /24 entry accepts requests from any host in that subnet that knows the secret, so if the Access Point has a fixed address, list that single address instead of the network.
b. users
-- This file contains the basic user information. Look for the following lines and then add the user name beneath them:
#"John Doe" Auth-Type := Local, User-Password == "hello"
#
jbibe
Note that for TLS you should not include an Auth-Type or a password. The server determines the correct Auth-Type itself, and no password is needed because the client authenticates with its client certificate. The name you add must match the identity the client presents during EAP, which Windows XP derives from the client certificate, so the user name here and the name in the client certificate must agree.
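Once steps a and c below are done, it is worth checking the edited files for sample values that were never replaced. The following Python script is an added example, not part of this guide or of FreeRADIUS: it parses the page's own fragments, embedded here as constructed sample text, and reports the settings this section changes (the client scope and shared secret in clients.conf, default_eap_type and the tls block in radiusd.conf). The single Access Point address 192.168.1.10 and the longer secret in the hardened client sample are assumptions made for the example.

```python
"""Check the FreeRADIUS fragments edited in this section for settings left at
their sample values. Added example, not part of the airPoint guide or of
FreeRADIUS. parse() is a minimal reader for the `name { key = value }` layout
of radiusd.conf and clients.conf (no $INCLUDE, no '#' inside quoted values)."""
import ipaddress

# Constructed samples. The first three reproduce what the page shows: the
# shipped defaults and the edited result, using the page's own paths and values.
RADIUSD_DEFAULT = """
eap {
    default_eap_type = md5
    #tls {
    #    private_key_password = whatever
    #}
}
"""
RADIUSD_EDITED = """
eap {
    default_eap_type = tls
    tls {
        private_key_password = whatever
        private_key_file = /usr/local/radius/etc/1x/cert-srv.pem
        certificate_file = /usr/local/radius/etc/1x/cert-srv.pem
        CA_file = /usr/local/radius/etc/1x/root.pem
    }
}
"""
CLIENTS_EDITED = """
client 192.168.1.0/24 {
    secret = AP_Shared_Secret
    shortname = WLAN
}
"""
# Assumed hardened form: the Access Point's own address (192.168.1.10 is made
# up for this example) and a long random secret (also made up).
CLIENTS_HARDENED = """
client 192.168.1.10 {
    secret = "vP7qLx2tRm9sKd4wZb8nHc3y"
    shortname = WLAN
}
"""
# Values that appear verbatim in the sample files on this page. A production
# file still carrying one of them was never really edited.
SAMPLE_PLACEHOLDERS = {"whatever", "AP_Shared_Secret"}


def parse(text):
    """Return nested dicts: `name {` opens a block, `key = value` sets a string.
    Comments are stripped first, so a commented-out block is simply absent."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            block = {}
            stack[-1][line[:-1].strip()] = block
            stack.append(block)
        elif line == "}":
            stack.pop()
            if not stack:
                raise ValueError("unbalanced '}'")
        else:
            key, sep, value = line.partition("=")
            if not sep:
                raise ValueError(f"cannot parse line: {raw!r}")
            stack[-1][key.strip()] = value.strip().strip('"')
    if len(stack) != 1:
        raise ValueError("unbalanced '{'")
    return stack[0]


def check_eap(conf):
    """Findings for the eap {} section edited in step c."""
    findings = []
    eap = conf.get("eap", {})
    if eap.get("default_eap_type") != "tls":
        findings.append(f"default_eap_type is {eap.get('default_eap_type')!r}, expected tls")
    tls = eap.get("tls")
    if tls is None:
        findings.append("tls {} block missing or still commented out")
        return findings
    for key in ("private_key_file", "certificate_file", "CA_file"):
        if key not in tls:
            findings.append(f"tls: {key} not set")
    if tls.get("private_key_password") in SAMPLE_PLACEHOLDERS:
        findings.append("tls: private_key_password is the sample placeholder")
    return findings


def check_clients(conf, min_secret_len=16):
    """Findings for the client {} entries edited in step a."""
    findings = []
    for name, block in conf.items():
        if not name.startswith("client "):
            continue
        addr = name.split(None, 1)[1]
        try:
            if ipaddress.ip_network(addr, strict=False).num_addresses > 1:
                findings.append(f"{addr}: whole network may send RADIUS requests; prefer the Access Point's single address")
        except ValueError:
            pass  # a hostname rather than an address; nothing to check here
        secret = block.get("secret", "")
        if secret in SAMPLE_PLACEHOLDERS:
            findings.append(f"{addr}: secret is the sample placeholder")
        elif len(secret) < min_secret_len:
            findings.append(f"{addr}: secret shorter than {min_secret_len} characters")
    return findings


if __name__ == "__main__":
    print(check_eap(parse(RADIUSD_EDITED)))
    print(check_clients(parse(CLIENTS_EDITED)))
```

Run against the page's edited radiusd.conf the script still reports the sample private_key_password, and against the edited clients.conf it reports both the /24 scope and the placeholder secret; the hardened client entry produces no findings. To check real files, read them with open() and pass the text to parse().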
c. radiusd.conf
-- This file contains the server configuration. Look for the following lines and change default_eap_type from md5 to tls:
eap {
default_eap_type = md5
Change md5 to tls.
Move down to the following line, then uncomment the block and modify the entries as shown below. In this guide the server certificate, the dh file and the random file were placed in a new directory, 1x; modify the paths as needed for your server. private_key_password must be the passphrase the server key was encrypted with when cert-srv.pem was generated; whatever is only the sample value. Because that passphrase is then stored in clear in radiusd.conf, keep the file readable only by the account radiusd runs as. private_key_file and certificate_file both name cert-srv.pem because that file holds both the server's private key and its certificate, and CA_file is the root certificate against which client certificates are checked:
#tls {
tls {
private_key_password = whatever
private_key_file = /usr/local/radius/etc/1x/cert-srv.pem
certificate_file = /usr/local/radius/etc/1x/cert-srv.pem
CA_file = /usr/local/radius/etc/1x/root.pem